STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide

V-269544

CAT II (Medium)

AlmaLinux OS 9 audit system must protect logon UIDs from unauthorized change.

Rule ID

SV-269544r1050427_rule

STIG

Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide

Version

V1R6

CCIs

CCI-000163

Discussion

If modification of login user identifiers (UIDs) is not prevented, they can be changed by nonprivileged users and make auditing complicated or impossible.

Check Content

Verify the audit system prevents unauthorized changes to logon UIDs with the following command:

$ grep immutable /etc/audit/audit.rules

--loginuid-immutable

If the "--loginuid-immutable" option is not returned in the "/etc/audit/audit.rules", or the line is commented out, this is a finding.

Fix Text

Configure AlmaLinux OS 9 auditing to prevent modification of login UIDs once they are set by adding the following line to /etc/audit/rules.d/audit.rules:

--loginuid-immutable